Users with injected software are 15 percent more likely to experience crashes.

Share this story

To boost the stability of Chrome, Google has announced that it's going to start blocking third-party software from being injected into the browser.

Third-party software such as anti-virus scanners and video driver utilities often injects libraries into running processes to do things like inspect network traffic, or add custom menu options to menus. Malicious software can also do the same to spy on users, steal passwords, and similar. Google has found that people who have such injected code are 15 percent more likely to see their browser crash. As such, it's going to start blocking such injections.

The change will start in Chrome 66, due in April 2018. If that version crashes, it will warn users that there is something injected that could be causing problems. Chrome 68, due in July 2018, will start blocking the injection; if the browser doesn't run properly, it'll allow the injected software but show a warning. Chrome 72, due in January 2019, will block code injection entirely.

Google says that with its extension and native messaging APIs, many applications that need to inject code into Chrome processes can use these alternative, safe, supported mechanisms instead. Google will also allow certain exemptions even after Chrome 72. Accessibility software (such as screen readers), Input Method Editors (used to compose complex scripts, and essential for many Asian languages), and any code that's been signed by Microsoft will continue to be allowed.

Microsoft made a similar change to its Edge browser back with the first major update to Windows 10 in November 2015. Libraries that are signed by Microsoft, or included in signed drivers, are permitted, but everything else is blocked.